基於springboot和redis實現的單點登入
阿新 • • 發佈:2018-12-04
1、具體的加密和解密方法
package com.example.demo.util; import com.google.common.base.Strings; import sun.misc.BASE64Decoder; import sun.misc.BASE64Encoder; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.spec.SecretKeySpec; import java.security.SecureRandom; /** * Create by zhuenbang on 2018/12/3 11:27 */ public class AESUtil { private static final String defaultKey = "7bf72345-6266-4381-a4d3-988754c5f9d1"; /** * @Description: 加密 * @Param: * @returns: java.lang.String * @Author: zhuenbang * @Date: 2018/12/3 11:33 */ public static String encryptByDefaultKey(String content) throws Exception { return encrypt(content, defaultKey); } /** * @Description: 解密 * @Param: * @returns: java.lang.String * @Author: zhuenbang * @Date: 2018/12/3 11:30 */ public static String decryptByDefaultKey(String encryptStr) throws Exception { return decrypt(encryptStr, defaultKey); } /** * AES加密為base 64 code * * @param content 待加密的內容 * @param encryptKey 加密金鑰 * @return 加密後的base 64 code * @throws Exception */ public static String encrypt(String content, String encryptKey) throws Exception { return base64Encode(aesEncryptToBytes(content, encryptKey)); } /** * AES加密 * * @param content 待加密的內容 * @param encryptKey 加密金鑰 * @return 加密後的byte[] * @throws Exception */ private static byte[] aesEncryptToBytes(String content, String encryptKey) throws Exception { KeyGenerator kgen = KeyGenerator.getInstance("AES"); SecureRandom random; if (System.getProperty("os.name").toLowerCase().contains("linux")) { random = SecureRandom.getInstance("SHA1PRNG"); } else { random = new SecureRandom(); } random.setSeed(encryptKey.getBytes()); kgen.init(128, random); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(kgen.generateKey().getEncoded(), "AES")); return cipher.doFinal(content.getBytes("utf-8")); } /** * base 64 加密 * * @param bytes 待編碼的byte[] * @return 編碼後的base 64 code */ private static String base64Encode(byte[] bytes) { return new BASE64Encoder().encode(bytes); } /** * 將base 64 code AES解密 * * @param encryptStr 待解密的base 64 code * @param decryptKey 解密金鑰 * @return 解密後的string * @throws Exception */ public static String decrypt(String encryptStr, String decryptKey) throws Exception { return Strings.isNullOrEmpty(encryptStr) ? null : aesDecryptByBytes(base64Decode(encryptStr), decryptKey); } /** * AES解密 * * @param encryptBytes 待解密的byte[] * @param decryptKey 解密金鑰 * @return 解密後的String * @throws Exception */ private static String aesDecryptByBytes(byte[] encryptBytes, String decryptKey) throws Exception { KeyGenerator kgen = KeyGenerator.getInstance("AES"); SecureRandom random; if (System.getProperty("os.name").toLowerCase().contains("linux")) { random = SecureRandom.getInstance("SHA1PRNG"); } else { random = new SecureRandom(); } random.setSeed(decryptKey.getBytes()); kgen.init(128, random); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(kgen.generateKey().getEncoded(), "AES")); byte[] decryptBytes = cipher.doFinal(encryptBytes); return new String(decryptBytes); } /** * base 64 解密 * * @param base64Code 待解碼的base 64 code * @return 解碼後的byte[] * @throws Exception */ private static byte[] base64Decode(String base64Code) throws Exception { return Strings.isNullOrEmpty(base64Code) ? null : new BASE64Decoder().decodeBuffer(base64Code); } }
2、這裡獲取的token很關鍵,每次登入都要生成新的token,token是根據userId和當前時間戳加密的
@Override public String getToken(String userId) throws Exception { String token = AESUtil.encryptByDefaultKey(Joiner.on("_").join(userId, System.currentTimeMillis())); logger.debugv("token= {0}", token); redisService.set(UserKey.userAccessKey, userId, token); return token; }
3、寫一個解密的方法,解密把使用者id拿出來,然後從攔截器裡拿出token和當前登入token做對比
@Override public String checkToken(String token) throws Exception { String userId = AESUtil.decryptByDefaultKey(token).split("_")[0]; String currentToken = redisService.get(UserKey.userAccessKey, userId, String.class); logger.debugv("currentToken={0}", currentToken); if (StringUtils.isEmpty(currentToken)) { return null; } if (!token.equals(currentToken)) { return null; } return userId; }
4、攔截器裡具體處理,這裡採用註解攔截,當controller有@Secured攔截器才攔截
@Autowired
AuthTokenService authTokenService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if (handler instanceof HandlerMethod) {
HandlerMethod hm = (HandlerMethod) handler;
Secured secured = hm.getMethodAnnotation(Secured.class);
if (secured != null) {
String authToken = request.getHeader(UserConstant.USER_TOKEN);
if (StringUtils.isEmpty(authToken)) {
render(response, CodeMsg.REQUEST_ILLEGAL);
return false;
}
String userId = authTokenService.checkToken(authToken);
if (StringUtils.isEmpty(userId)) {
render(response, CodeMsg.LOGIN_FAILURE);
return false;
}
}
return true;
}
return true;
}
private void render(HttpServletResponse response, CodeMsg cm) throws Exception {
response.setContentType("application/json;charset=UTF-8");
OutputStream out = response.getOutputStream();
String str = JSON.toJSONString(Result.error(cm));
out.write(str.getBytes("UTF-8"));
out.flush();
out.close();
}
5、寫一個測試登入介面和一個測試單點登入介面
/**
* @Description: 模擬登入
* @Param:
* @returns: com.example.demo.result.Result
* @Author: zhuenbang
* @Date: 2018/12/3 12:05
*/
@GetMapping("/login")
public Result login() throws Exception {
return authTokenService.login();
}
/**
* @Description: 模擬單點登入 @Secured這個方法攔截器會攔截
* @Param:
* @returns: com.example.demo.result.Result
* @Author: zhuenbang
* @Date: 2018/12/3 12:35
*/
@Secured
@GetMapping("/testSSO")
public Result testSSO() {
return authTokenService.testSSO();
}
具體的實現
@Override
public Result login() throws Exception {
String userId = "123456";
return Result.success(this.getToken(userId));
}
@Override
public Result testSSO() {
return Result.success("登入狀態正常");
}
postman 測試
單點登入測試
再次請求登入介面,然後不改變token介面如圖
這個方式實現單點登入的關鍵就是根據userId的加密和解密的實現。
github地址:https://github.com/zhuenbang/demo.git